mirror/NetGuard
1
0
Fork 0
mirror of https://github.com/M66B/NetGuard.git synced 2025-01-03 13:54:09 +00:00
Code Issues Releases Wiki Activity

Fixed minimum ICMP packet length, decode ICMP type/code

Browse source
This commit is contained in:
M66B 2019-05-23 12:44:52 +02:00
parent 6ebf51c2d0
commit e323fd73f7
1 changed files with 6 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
app/src/main/jni/netguard/ip.c
View file

@ -126,6 +126,7 @@ void handle_ip(const struct arguments *args,
char source[INET6_ADDRSTRLEN + 1]; char source[INET6_ADDRSTRLEN + 1];
char dest[INET6_ADDRSTRLEN + 1]; char dest[INET6_ADDRSTRLEN + 1];
char flags[10]; char flags[10];
char data[16];
int flen = 0; int flen = 0;
uint8_t *payload; uint8_t *payload;
@ -211,14 +212,17 @@ void handle_ip(const struct arguments *args,
int syn = 0; int syn = 0;
uint16_t sport = 0; uint16_t sport = 0;
uint16_t dport = 0; uint16_t dport = 0;
*data = 0;
if (protocol == IPPROTO_ICMP || protocol == IPPROTO_ICMPV6) { if (protocol == IPPROTO_ICMP || protocol == IPPROTO_ICMPV6) {
if (length - (payload - pkt) < sizeof(struct icmp)) { if (length - (payload - pkt) < ICMP_MINLEN) {
log_android(ANDROID_LOG_WARN, "ICMP packet too short"); log_android(ANDROID_LOG_WARN, "ICMP packet too short");
return; return;
} }
struct icmp *icmp = (struct icmp *) payload; struct icmp *icmp = (struct icmp *) payload;
sprintf(data, "type %d/%d", icmp->icmp_type, icmp->icmp_code);
// http://lwn.net/Articles/443051/ // http://lwn.net/Articles/443051/
sport = ntohs(icmp->icmp_id); sport = ntohs(icmp->icmp_id);
dport = ntohs(icmp->icmp_id); dport = ntohs(icmp->icmp_id);
@ -297,7 +301,7 @@ void handle_ip(const struct arguments *args,
allowed = 1; // assume existing session allowed = 1; // assume existing session
else { else {
jobject objPacket = create_packet( jobject objPacket = create_packet(
args, version, protocol, flags, source, sport, dest, dport, "", uid, 0); args, version, protocol, flags, source, sport, dest, dport, data, uid, 0);
redirect = is_address_allowed(args, objPacket); redirect = is_address_allowed(args, objPacket);
allowed = (redirect != NULL); allowed = (redirect != NULL);
if (redirect != NULL && (*redirect->raddr == 0 || redirect->rport == 0)) if (redirect != NULL && (*redirect->raddr == 0 || redirect->rport == 0))